Project

General

Profile

Feature #1337

VLANs with different MAC address than parent interface

Added by Ermal Luçi about 10 years ago. Updated 7 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Renato Botelho
Category:
Interfaces
Target version:
Future
Start date:
03/08/2011
Due date:
% Done:

0%

Estimated time:
Release Notes:
Default

Description

In FreeBSD it is possible to host an vlan(4) with a different mac address from the parent.
This needs the parent interface in promiscuous mode, which at present days is not much of a issue.

Linked report here http://forum.pfsense.org/index.php/topic,34094.0.html.

Possibly an option should be given to people activate this issue.

Associated revisions

Revision 4cd8424a (diff)
Added by Renato Botelho over 2 years ago

Revert ticket #1337

FreeBSD is not happy with simple set VLAN to use a different MAC
address. Revert it for now and prevent users to change VLAN interface
MAC address.

History

#1 Updated by Chris Buechler almost 5 years ago

  • Subject changed from Vlan with different mac address than parent interface to VLANs with different MAC address than parent interface

#2 Updated by Renato Botelho over 2 years ago

  • Status changed from New to 13
  • Assignee set to Renato Botelho
  • Target version set to 2.4.4

#3 Updated by Renato Botelho over 2 years ago

  • Status changed from 13 to Feedback

#4 Updated by Steve Beaver over 2 years ago

  • Status changed from Feedback to 13

James Dekker [6:49 PM]
With SG-5100 and XG-2758 on `2.4.4.a.20180824.1144` (which isn't the latest build, but should include whatever the fix was on `1337`) .. added a VLAN, assigned it as an interface with a static IP on both appliances, enabled the parent interface (no IP set, just enabled so the VLANs could use the interfaces) ... added a allow any rule on the VLAN interface on both pfSense. From either pfSense, I could ping the other. Then on one, I spoofed the VLAN interface mac as `DE:AD:BE:EF:CA:FE`, went to ping and now it fails. Remove the spoofed MAC, pings succeed again.

I his a valid test?

#5 Updated by Renato Botelho over 2 years ago

  • Status changed from 13 to In Progress

#6 Updated by Renato Botelho over 2 years ago

  • Status changed from In Progress to Assigned
  • Target version changed from 2.4.4 to 48

#7 Updated by Jim Pingle about 2 years ago

  • Target version changed from 48 to 2.5.0

#8 Updated by Wik Joh 9 months ago

It's possible to do this by editing /etc/inc/interfaces.inc and adding the lines below, but it would be nice if it could be done through the UI.

mwexec("/sbin/ifconfig igb0 promisc");
mwexec("/sbin/ifconfig igb0.10 promisc");
mwexec("/sbin/ifconfig igb0.10 ether 00:aa:bb:cc:dd:ee");

#9 Updated by Luiz Souza 9 months ago

I'm not sure that setting the interface in promiscuous mode is the right thing to do here. There will be performance issues (no more HW filtering).

Please advance with caution.

#10 Updated by Renato Botelho 7 months ago

  • Target version changed from 2.5.0 to Future

Setting the interface in promiscuous mode is not the way to go and without it FreeBSD don't offer a way to make it to work. At least not today. Moving it to Future and we can target it to a version when we have a proper way of doing that

Also available in: Atom PDF